Cybersecurity
Category Added in a WPeMatico Campaign
A new wave of Balada malware injection attacks has been found exploiting a vulnerable tagDiv premium theme plugin to target Newspaper and Newsmag websites. The flaw in the question is an unauthenticated XSS vulnerability in the plugin that was first disclosed in September. The plugin is used by over 135,000 users, which emphasizes the risk […]
Oct 09, 2023NewsroomBotnet / Cyber Threat An ad fraud botnet dubbed PEACHPIT leveraged an army of hundreds of thousands of Android and iOS devices to generate illicit profits for the threat actors behind the scheme. The botnet is part of a larger China-based operation codenamed BADBOX, which also entails selling off-brand mobile and connected TV […]
Several hacker groups have joined in on the Israel-Hamas conflict escalation that started over the weekend after the Palestinian militant group launched a major attack. Hamas launched an unprecedented attack on Israel out of Gaza, firing thousands of rockets and sending its fighters to the southern part of the country. In response, Israel declared war […]
Oct 09, 2023NewsroomVulnerability / IoT Security Multiple high-severity security vulnerabilities have been disclosed in ConnectedIO’s ER2000 edge routers and the cloud-based management platform that could be exploited by malicious actors to execute malicious code and access sensitive data. “An attacker could have leveraged these flaws to fully compromise the cloud infrastructure, remotely execute code, and […]
Oct 09, 2023NewsroomSoftware Security / Vulnerability The maintainers of the Curl library have released an advisory warning of two security vulnerabilities that are expected to be addressed as part of an forthcoming update set for release on October 11, 2023. This includes a high-severity and a low-severity flaw tracked under the identifiers CVE-2023-38545 and CVE-2023-38546, […]
Biotechnology company 23andMe, which offers genetic testing and genealogy services, has announced that it was the victim of a data breach following a credential stuffing attack. The cyber attack appeared to be targeting users with Ashkenazi Jewish heritage. The cyber attack was made public on October 6 via a post on 23andMe’s website. In the […]
More often than not, its our solemn duty on this site to keep you informed about the nature and tactics of dangerous, cunnning, and persistent cybercriminals. This is not one of those days. In fact, this is the oppposite of one of those days. This is about a passable spam email sent by a spammer […]
Oct 09, 2023NewsroomCredential Harvesting / Hacking Senior executives working in U.S.-based organizations are being targeted by a new phishing campaign that leverages a popular adversary-in-the-middle (AiTM) phishing toolkit named EvilProxy to conduct credential harvesting and account takeover attacks. Menlo Security said the activity started in July 2023, primarily singling out banking and financial services, insurance, […]
CDW, one of the largest global resellers, is set to have its data leaked by the LockBit cybercrime gang after negotiations over the ransom fee broke down. LockBit claims that CDW offered a very low sum of money.